GRR

GRR Rapid Response (GRR) is an open-source incident response framework designed to enable rapid data collection and live forensics across large numbers of endpoints. It originated at Google and has since been maintained by a broader community of contributors. The project aims to provide scalable, automated investigation capabilities for security operations teams and incident responders.

GRR uses a client–server architecture. A central server coordinates work by issuing flows and hunts to GRR

Core concepts in GRR include flows, hunts, and artifacts. Flows are modular routines that implement data collection

GRR is designed for use in digital forensics, incident response, and threat hunting. It supports extensibility